
Hello everyone, I hope you all are well. My name is Sean Wasonga and I have the pleasure, and also the curse, of talking to you in the afternoon after you've had a very big lunch. Some of you are sleepy; I think we've had a very in-depth panel discussion, so just try to bear with me. One thing that I can state is my session is going to be very, very technical. No, I'm joking, it's going to be very acoustic, less technical, so just give me a few moments of your time. We're going to be talking about trends in cyber security.

Now, how many of you know Morpheus? Okay, I mean it's an old movie, like the new Matrix wasn't good, but Morpheus comes from a movie known as The Matrix. Now The Matrix is a movie that I really like. Nothing to do with cyber security, I mean a few key things, but there's a moment in that movie where Morpheus talks to the main, is it protagonist, which is Neo, and gives him an option of the red or blue pill. You live and you learn, similar towards that: if you look at organizations, there are those that actually know that they are under attack and those that actually don't know that they're under attack. Now drawing parallels towards the movie, I think the red pill will say, you know, you take it and continue living with your life as is; the blue pill was for you to take it and then you would understand what the Matrix actually is, get to understand the system, get into the details of what's actually going on. And I'm taking those two parallel notes and likening it to the current situation that is the organization.

Okay, so let's get into the first slide. I'll do a brief introduction of myself; I spent a lot of time on the animation. All right, so it's always good to give, if anyone wants to link with me, these are my socials, so scan the link to the GitHub. I'm on Twitter and I'm also a happy gamer, so if you have Xbox feel free to reach out to me. You don't do PlayStation? Anyway, no, we don't do that one. Anyway, so
it's good to just give you an origin story in terms of where I am or how I actually got here. So I graduated in 2012. I happened to have the opportunity of doing my undergrad outside of Kenya, so when I came back it was with a computer science and computer security degree, graduated with honours, came back, and naturally, I think it's a resounding thing for any graduate: no one is hiring. I think it's a different time now, with all these multinationals and everything, but no one's hiring, etc. But during my time I managed to, you know, learn some programming, learn some key solutions, and basically what I did in that year I came back was create an education software. If anyone can remember, at that time Jubilee was saying they're going to give all the children laptops, so I created an education software for those laptops, because there wasn't anything practical they could do with the laptop. So I created a software and sold it to schools, Makini, Light Academy, and other primary schools, etc. And then in 2014 I had the opportunity of actually joining Microsoft as a college hire. Now since then until now I've actually been at that organization, but I have traversed different roles. I was a developer in the developer organization, I went and sold software, software sales, as some of you will tell you, I pitched software, and I was also in support and services, so just hearing how people say, you know, a customer calling you, yeah, I've gone through that as well. But now I have the opportunity of working in engineering, specifically with the cyber security engineering team, and what I do is I focus on IoT security, SIEM and SOAR, network security and also threat intelligence. So it's a vast amount of scenarios in terms of what I do, but most importantly it's to give you the visibility that there's a lot you can actually do in cyber security, right? It's not just pen testing, defensive, offensive. No, there's so much you can actually do, whether it's the network, endpoint, identity, IoT, etc. And that's what
we're actually going to be talking about today. So let's get into what the actual thing is, or what is cyber security. I came up with this brief overview to just give us a good overview of some of the buzzwords that come in cyber security. I'm sure if you look at the top right: "money in the middle". Anyone who's been in Kenya for the last two months has been carrying money in the middle. Money in the middle, man in the middle. But what essentially does this actually mean? It's very simple: it's the practice of defending computers, servers, devices, electronic systems and data from malicious attacks. But where does this actually come from, what's the origin story? Let's get into the first aspect. If you look at today's organizations, right, we live in what is known as an expanding digital estate. What do you mean by this? How we are collaborating as an organization, from a technology perspective, is not a perimeter sort of motion, right? It's not our internal firewall, VPN, everything transacts individually. No, we have APIs allowing us to integrate with other organizations, with our customers, with our collaborators. Now with this, what happens is our attack surface is extensively increased, because we are not only protecting our internal network but also those collaborations, those integrations; all of that is essentially coming into play. Now with this expanding digital estate come inherent risks. If I look at a study that was done in 2020, it showed that with this integration, and specifically in COVID times, right, like 2020, I remember it was a good time for tech because we sold a lot of software, right, because companies found themselves, in terms of, they were told you can't physically work together, you have to embrace remote work, and with that they found common challenges. So similar to how we were investing in productivity, collaboration, enhancing all those approaches, we had attackers also investing in that same approach, because they knew
organizations were not prepared for remote work, specifically from a security perspective. What did we see in that motion? We saw an increase in sophistication of threats, threats that are enabling AI, we have the ransomware, we have zero-days, all those nice words, right? All of that essentially came specifically in the COVID time, and these are some of the common challenges that we are currently experiencing at the moment, right now, and this is what is happening due to the expanding of the digital estate. One thing that I would like you to note is that the same study said in 2021, as of last year, 3.5 million unfulfilled security jobs, just in America alone. What does this mean? What does this mean? There's opportunity, guys. So everything that you essentially do, you can actually take advantage, because there's opportunity towards them. The attackers are not sleeping, the adversaries, the bad actors, they're not sleeping, and the potential for you to take this advantage, to help solve this global pandemic that is cyber security issues and challenges, is something you can take advantage of. Just another study before we actually get into the trends. I took this actually today morning from a Forbes magazine article. Funny enough, we only think they usually do rich lists, the wealthiest people, right? I was very surprised to see they have also some technology articles as well. But what I wanted you to note is the fact that they were able to state that the cost of cybercrime by end of 2022 will actually be eight trillion dollars. Now if you think about that, there are aims in terms of how do we need to prioritize this and focus on specific scenarios. Now based off of this article I was able to pick some common trends that I think we can actually double down on a bit. From my view, these are the four key things that I would like to talk about. Now this doesn't mean these are the only current trends. I think we had a session from one of my colleagues, I don't know if she's here, Joyline, talking
about securing the development cycle. That's also a major, I would say an honourable mention, in terms of how people are shifting left from a security perspective, being able to get into depths when the application is being developed, ensuring that it's actually protected before it goes into production. Those are one of the trends that we're actually seeing, and we see more companies actually adopt that. But based on what I would like to talk about are these four: Internet of Things, the rise of ransomware, remote working cyber security risks, and increasingly sophisticated attacks. Let's get into it; the animation was just for you guys. Great.

So when we talk about Internet of Things, how many of you guys use Internet of Things? Show of hands if you don't know what Internet of Things is. Okay, Internet of Things essentially, as you mentioned, is looking at physical devices outside of the most common scenarios, right, your computers, your phones, your servers, etc. We are looking at these sort of devices that are essentially able to connect with the internet, send data, and for you to traverse different functionalities as well. Personally in my house I have a lot of Alexas, I have a lot of lights that have actually been configured to allow me to enter the house and say "Alexa, switch on this light", etc. It's very nice, especially, you know, when the ladies pass by and say "Alexa, switch on this light", it looks very nice, right? But there is an inherent sort of risk that actually comes with the Internet of Things, and what do I mean by this? IoT has been created specifically to enhance collaboration and productivity; security comes last. It's not been in the forefront. Why? Because as companies, they are looking at how do we make more money. If it's a wearable, if it's a light switch, how can we sell it and push it across? They are not thinking what's the inherent attack that can actually come with somebody gaining access to that IoT environment. Another thing that I'd like to talk about is also
operational technology. Now if you look at the graphic, there's an element where it says healthcare systems, smart homes, big data, smart grids, etc. The technology that runs your warehouse, your petrochemical facility, your medicine plant is what's known as operational technology: that technology that basically works with the sensors, the thermal temperature, etc., right, the conveyor belts, all of that, the actuators. It's known as operational technology, and that primarily was built to enhance one thing, safety, and productivity, so two things: safety and productivity. That particular technology is very old, and security, for one, was never a key focus for them. Now come 2021, adversaries are really taking advantage of the fact that security is not at the forefront of these technologies, and with this I have an example. The following is known as the Triton attack. It actually happened in one of the petrochemical facilities in the Middle East. I will not say the country, because you can easily find out about it, but you can always go and look at it. So this basically talks about an attack that happened to this chemical facility, and the aim was not to steal data or disrupt the data; the aim was to disrupt the safety protocols and actually cause what's known as an explosion. Let's get into the depth in terms of what actually happened in this specific case. You have a simple environment that would be engaged in a petrochemical facility. Now if you talk about operational technology, technology in the warehousing, that's what's known as the Purdue model, that essentially focuses on the different layers of the overall warehouse. Now level zero is where the actual things that actually move are, right, your sensors, your actuators, your conveyor belts, etc. Level one is where your programmable logic controllers essentially happen, things that actually tell the physical things to move, right. On level two is where the management layer of the Purdue model comes into play; here you have your engineering workstations, you have
your HMIs, etc. Now if you move over towards this side is where I think everyone here is familiar with, right, DMZ and corporate network; you have your workstations. But this was the current scenario in that petrochemical facility. What actually happened? If we look at it, the first thing that happened with this attack is people were able to steal credentials in the corporate environment, right. Then through that they were able to deploy PC malware into the level two layer, and what essentially happened is they deployed reconnaissance tools, just understanding what's actually happening in this OT environment: do they have programmable logic controllers, do they have remote terminal units, etc. And with that they were able to install what's known as a remote access toolkit, with an aim of accessing the safety programmable logic controller, and their aim was very simple: disable the safety PLC to cause an explosion. Now this organization managed to gain access when they did this, but think about this: it's not just about losing data, it's safety. Let's say USIU was in a sort of a smart building situation, right, and we find somebody gaining access has locked up the doors, then put the AC on like a very high temperature. You can imagine, with all of us in here, what can actually happen towards that. So that's the inherent risk that we actually see from an IoT security perspective.

Let's go on towards the next aspect, which is ransomware, and I think everyone is familiar with ransomware. If you don't know ransomware, you really need to know about this. This is a 20-year-old technology; it's been here for years and it's the most simple but the most inherent sort of cyber security threat and trend that we are seeing across the world. A couple of things that you can actually see is some elements of data. I'm not actually going to go through it fully, but you can see the cost of what ransomware is causing towards normal institutions is quite a lot, where it's 20 billion in just the last
year in terms of impacts towards data. But what I would like you to note for the fact is, as much as, you know, for those who are not aware of what ransomware is, it's a simple attack where people basically deploy a software onto an environment, it encrypts your data, and they essentially ask for a ransom for you to get it back. But based upon what we have seen from studies, even if you pay, which 90% of the times is in Bitcoin, you never get the data back. So these are just bad people that are essentially coming up with ways in terms of how they can actually gain access towards your data, and these are some of the scenarios that we're actually seeing across. A common example of ransomware is as follows. This was very prevalent during COVID times when everyone was running for vaccines, you know, to have a vaccine you have to have a hookup, right, like blah blah blah. But what happened as well was people were receiving emails saying if you want to get access to the vaccine, you know, fill this form, etc. Adversaries and bad actors took advantage towards that: as soon as people clicked the link, boom, data was encrypted and you're asked to pay a couple of Bitcoin, which was very expensive then. If you have some Bitcoin now, good for that, but at that time it was a bit expensive. So you can actually see the inherent risk. If you look at it from a pattern perspective, it's three key things around ransomware: entering the environment, traversing and spreading, and executing objectives. Simple things: through client attacks, phishing, stealing credentials, being able to gain access towards different users and specifically towards targeted organizations, right. You can have access towards your machine, you go home, you go to funny websites to watch free movies; through that people are able to gain access to other credentials, and then they move, what's known as lateral movement, to move towards the organization to gain access towards your critical solutions, right. So you can find
even like, let's say, like I look at Microsoft: the askari down there who lets people in, doing his job, has a laptop but he's still connected to our network, right. He can go home, watch funny videos on funny sites, and that can be a potential entrance to actually impacting our overall system from a solution such as ransomware. And this is essentially what we actually see coming. As I mentioned, they enter the environment, then there's a whole portion of credential theft and malware installation, it's constant, and the aspect is just to go towards the organization, moving up from a lateral perspective, gaining access towards specific people, and from an objective perspective it's very simple: exfiltration, steal your data, encrypt your data, and extortion. So this is something that we're seeing from a trend perspective. I won't go too deep in terms of some of the use cases that we see. These are a lot of common use cases that we actually see. One, WannaCry: I actually knew a couple of organizations, governmental, that were actually impacted by WannaCry in 2017.
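As an added example, not code from the talk or from Microsoft, the following Python script models the Purdue levels the speaker walks through and checks constructed flow records against a segmentation policy. It flags the cross-level hops of the Triton-style path (a corporate foothold reaching level two directly, then an unexpected host talking to the safety PLC) and, likewise, the lateral movement towards critical systems described for ransomware. All host names, levels, ports and flow records are assumptions constructed for illustration.

```python
"""Purdue-model conduit check over constructed flow records.

Added example, not from the talk: levels follow the speaker's description
(L0 sensors/actuators, L1 PLCs including the safety PLC, L2 engineering
workstations and HMIs, L3.5 DMZ, L4 corporate). Hosts, ports and flows are
all constructed for illustration.
"""
from dataclasses import dataclass

# Constructed asset inventory: host -> (Purdue level, role)
INVENTORY = {
    "corp-ws-17":  (4, "corporate workstation"),
    "dmz-jump-01": (3.5, "dmz jump host"),
    "eng-ws-02":   (2, "engineering workstation"),
    "hmi-01":      (2, "hmi"),
    "plc-line-1":  (1, "plc"),
    "sis-plc-01":  (1, "safety plc"),
    "valve-07":    (0, "actuator"),
}

# Conduits the segmentation design permits: adjacent levels only, so a
# corporate host must go through the DMZ to reach level 2, and so on.
ALLOWED_CONDUITS = {frozenset(p) for p in [(4, 3.5), (3.5, 2), (2, 1), (1, 0)]}

# Only the designated engineering workstation may reach the safety PLC,
# and only on its engineering port (constructed port number).
SAFETY_PROGRAMMING = {"host": "eng-ws-02", "port": 1502}

@dataclass(frozen=True)
class Flow:          # one connection initiation: src opened dst:dport
    src: str
    dst: str
    dport: int

def check_flow(f: Flow) -> list[str]:
    """Return zero or more findings for one flow record."""
    findings = []
    src_lvl, _ = INVENTORY[f.src]
    dst_lvl, dst_role = INVENTORY[f.dst]
    # A hop between non-adjacent levels bypasses a zone boundary.
    if src_lvl != dst_lvl and frozenset((src_lvl, dst_lvl)) not in ALLOWED_CONDUITS:
        findings.append(f"conduit-violation: L{src_lvl} {f.src} -> L{dst_lvl} {f.dst}")
    # Anything but the designated host/port touching the safety PLC is a finding,
    # even when the levels themselves are adjacent (e.g. an HMI at level 2).
    if dst_role == "safety plc" and (
        f.src != SAFETY_PROGRAMMING["host"] or f.dport != SAFETY_PROGRAMMING["port"]
    ):
        findings.append(f"safety-plc-access: {f.src} -> {f.dst}:{f.dport}")
    return findings

def audit(flows) -> list[str]:
    """Run every flow through check_flow and collect all findings."""
    return [finding for f in flows for finding in check_flow(f)]

# Constructed flow records replaying the path the talk describes.
SAMPLE_FLOWS = [
    Flow("corp-ws-17", "dmz-jump-01", 3389),  # permitted: L4 -> DMZ
    Flow("dmz-jump-01", "eng-ws-02", 3389),   # permitted: DMZ -> L2
    Flow("hmi-01", "plc-line-1", 502),        # permitted: L2 -> L1 (Modbus/TCP)
    Flow("corp-ws-17", "eng-ws-02", 445),     # violation: L4 -> L2 skips the DMZ
    Flow("eng-ws-02", "sis-plc-01", 1502),    # permitted: designated host and port
    Flow("hmi-01", "sis-plc-01", 1502),       # violation: HMI reaching the safety PLC
    Flow("dmz-jump-01", "sis-plc-01", 1502),  # violation: both checks fire
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(finding)
```

Running it lists four findings for the constructed flows, the last three records producing them.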
I remember working very late at night trying to recover. Later, Petya; it's a recurring one that you currently see. Ryuk and SamSam, you can go read more about these and get in depth towards that as well. In terms of the last two trends, the first one that we have is the remote working cyber security risk. Now I'll just talk very simply in terms of what we see. As I mentioned, during COVID times, what we saw is people literally just going around telling people, go download Zoom, download Teams, get access, let's work, let's move across the board. Half the time people were connecting from unsecure Wi-Fi networks, either at home, either Java, either a cat cafe, you know, your neighbour's Wi-Fi, and that was a potential risk towards organizations, and potentially what we saw is people were able to access sensitive data through unsafe Wi-Fi networks. We talked about the scenario of the askari going home, gaining access towards funny websites and then connecting towards the local network, and through that leveraging that as a path to actual impact. And then clicking on suspicious links as well; specifically around COVID times, that was a common scenario we saw as well. Last but not least, in terms of the cyber security threats that we actually see, is increasingly sophisticated attacks. Now I like to use movies to basically express what I'm trying to talk about, right? So anyone here watched Avengers: Age of Ultron? Who remembers the story? Like, it wasn't a good movie anyway, so it will help you. What happened is the main character, Tony Stark, created basically a defence sort of system that was helping them control and manage themselves against threats. But what happened is they empowered that system so that it was able to learn so much more and start to draw parallels in terms of what was right and what was wrong, and due to the fact that it was leveraging artificial intelligence, it consistently learned and basically improved its overall defence capabilities, so that it was actually
able to defeat the Avengers, at least the first few times. This is something that we're actually seeing today: we have adversaries and bad actors actually investing in artificial intelligence and machine learning as ways to attack organizations. They do it with seasons, as we saw in COVID-19. These are billion dollar, literally billion dollar enterprises that are coming up with ways in terms of how they can actually impact different organizations, and we have Emotet, which is a good example, and this was basically a malware that was targeted towards financial institutions, and it had the ability to change the nature of its attacks, right. So if you think, anyone that does defensive security here, it's about understanding patterns, right? Once you understand that pattern you know how to block it, you stop it, right? Now any common security attack would more or less be stopped, but due to the fact that Emotet was leveraging machine learning, it